SUMMARY: V8 Sendmail STOPS Logging under SunOS!

Lawrence Houston (houston@felix.geog.mcgill.ca)
Sun, 09 Mar 1997 01:00:02 -0500 (EST)

SUN Managers:

Thanks to those who provided suggestions:

Michael Kohne <mhkohne@moberg.com>
Rick Kelly <rmk@rmkhome.rmkhome.com>
Scott Mitchell <smitch@eratos.erin.utoronto.ca>

Original Post:

================================================================================
Not sure where to turn with the following problem, since I am NOT sure if
it is a SunOS Specific "bug" or more General Security Issue?

Last month the Sendmail 8.6.10 I had previously built and installed on our
SunOS 4.1.3 (sun4c & sun4m) and SunOS 4.1.1 (sun3) Machines all stopped
logging transactions in /var/log/syslog! Yesterday I built and installed
Sendmail 8.5.5 for the SunOS 4.1.3 (sun4m) Machine, but still NO entries
are being logged?

Might this be a "bug" in SunOS's Syslog Daemon which is time dependent or
more seriously that all three of our SunOS WorkStations had their Security
Broken at about the same time?
================================================================================

Conclusion:

Although the Sun Manager's List did NOT provide any solutions, the
feedback was helpful. Thanks!

Determined the Resolver Routines I had included in the System C Library had
stopped returning anything for the "loghost"! Since our Resolver
Routines, Sendmail and syslog.conf had remained unchanged for several
years, I must assume our University's DNS somehow made a change which
affected our SunOS Hosts. Switched from "bindon41" (BIND 4.8.3) to
Resolve+ V2.1 (BIND 4.8.3, with configurable bind, nis, hosts selection)
and the SUNs are again able to read the local "/etc/hosts" files when
doing a DNS lookup for "loghost" (with bindon41 the "/etc/hosts" file is
NOT used for name resolution, the external DNS is used exclusively).

What made this more difficult relates to the resolving of "loghost" being
required at Boot Time, this appears to affect the UDP Port 514 when the
Syslog Daemon is first started? Loghost relates to Sendmail since the
stock "syslog.conf" tests for LOGHOST being Defined before it will enable
"mail.debug" logging!

Hence syslog is affected by the DNS Resolver Routines, which in turn
affects Sendmail. A DAMN House of Cards! On checking with our Computing
Centre, their most recent change was moving to BIND 4.9.5, so possibly
this impacted on the "bindon41" routines we had been using previously? In
any case, moving to Resolve+ V2.1 has restored Sendmail's Logging on all
of our SUN Hosts.

According to ftp.sendmail.org Sendmail 8.6.X should NO longer be used on
Hosts with Direct Internet Access, so I also upgraded to Sendmail 8.8.5.

Lawrence Houston - (houston@felix.geog.mcgill.ca)
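
The dependency chain described in this summary (resolver, then "loghost", then LOGHOST, then mail.debug) can be modelled offline to audit a host for silently lost mail logs. The sketch below is an added example, not part of the original post. It assumes the stock rule uses the m4 form ifdef(`LOGHOST', ...) and that syslogd defines LOGHOST only when "loghost" resolves to a local address; the file contents and addresses are constructed.

```python
import re

# Constructed sample inputs (not taken from the original post).
SYSLOG_CONF = """\
*.err;kern.debug;auth.notice\t/dev/console
mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)
"""
HOSTS = """\
127.0.0.1   localhost
192.0.2.10  felix loghost   # constructed address
"""

# Matches a simple, un-nested m4 ifdef(`MACRO', then, else) action.
IFDEF = re.compile(r"ifdef\(`(\w+)',\s*([^,]*),\s*([^)]*)\)")


def hosts_lookup(hosts_text, name):
    """Return the address a hosts file maps `name` to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def expand(conf_text, defined):
    """Expand ifdef actions the way m4 would for the given defined macros."""
    def pick(m):
        return (m.group(2) if m.group(1) in defined else m.group(3)).strip()
    return [IFDEF.sub(pick, l) for l in conf_text.splitlines() if l.strip()]


def mail_log_target(conf_text, loghost_addr, local_addrs):
    """Where mail.debug ends up, given what 'loghost' resolved to."""
    # Assumption: LOGHOST is defined only if loghost is this machine.
    defined = {"LOGHOST"} if loghost_addr in local_addrs else set()
    for line in expand(conf_text, defined):
        selector, action = line.split(None, 1)
        if "mail.debug" in selector.split(";"):
            if action.startswith("@") and loghost_addr is None:
                return "LOST: forward to unresolvable " + action
            return action
    return "LOST: no mail.debug rule"
```

Feeding `mail_log_target` the result of a resolver lookup instead of `hosts_lookup` shows what a DNS-only resolver would do to the same configuration.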